W3C home > Mailing lists > Public > public-web-security@w3.org > October 2015

Re: A Crypto-compliant JSON Implementation

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Wed, 07 Oct 2015 11:28:19 -0400
Message-ID: <56153A13.4090605@digitalbazaar.com>
To: "henry.story@bblfish.net" <henry.story@bblfish.net>
CC: Anders Rundgren <anders.rundgren.net@gmail.com>, "public-web-security@w3.org" <public-web-security@w3.org>
On 10/07/2015 10:50 AM, henry.story@bblfish.net wrote:
>
>> On 7 Oct 2015, at 15:44, Dave Longley <dlongley@digitalbazaar.com>
>>  wrote:
>>
>> On 10/07/2015 05:29 AM, henry.story@bblfish.net wrote:
>>>
>>> Research in RDF has gone into finding an ordering for a graph
>>> that does not rely on a accidental property such as "creation
>>> order", but instead to find a reproducible function from graph to
>>> serialisation that can be used whatever the order one is given
>>> for the graph.
>>>
>>> I think Dave Longley has been working on this for JSON LD.
>>>
>>
>> It sounds like you're referring to RDF Dataset Normalization:
>>
>> http://json-ld.org/spec/latest/rdf-dataset-normalization/
>>
>> By the way, this algorithm isn't specific to JSON-LD; it is syntax
>> agnostic (it starts with an abstract RDF Dataset).
>
> very nice.
>
> It would be good if that spec had a few examples of a graph that was
>  signed in the way Anders did it, in 2 different serialsiations
> involving quads such as JSON and N3.

That spec isn't directly about signatures, though it has applicability.
It's just about normalizing an RDF Dataset so it can be more easily be
digitally signed, hashed, compared, etc.

This spec depends on RDF Dataset Normalization and is specifically about
Linked Data signatures but is very out of date:

https://web-payments.org/specs/source/ld-signatures/

There's a short video to go along with the concept here:

https://www.youtube.com/watch?v=QdUZaYeQblY

And another that builds on that regarding the idea of digitally-signed
credentials on the Web:

https://www.youtube.com/watch?v=eWtOg3vSzxI

>
> Btw, earlier this year there was some research on naming blank nodes
>  with some very efficient algorithms on deterministic naming of blank
>  nodes
>
> https://lists.w3.org/Archives/Public/semantic-web/2015May/
>
> I see you responded to that. Was that relevant?

Yes, that paper looked to be very much in line with the algorithm we
independently created a while back. In my response below I tried to lay
out the similarities:

https://lists.w3.org/Archives/Public/semantic-web/2015May/0146.html


-- 
Dave Longley
CTO
Digital Bazaar, Inc.
http://digitalbazaar.com
Received on Wednesday, 7 October 2015 15:28:44 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 October 2015 15:28:44 UTC